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A METHOD FOR SECURE OPERATION OF A COMPUTING DEVICE 



The present invention relates to a method of operating a computing device, 
and in particular, to a method for secure operation of a computing device 
where a user needs to be authenticated, such as by entering a pass phrase, 
before the user is able to carry out a requested operation on the device. The 
present invention also relates to a computing device arranged to operate 
according to the above method and also to computer software for causing a 
computing device to operate in accordance with the above method. 

The term computing device as used herein is to be expansively construed to 
cover any form of electrical device and includes, data recording devices, such 
as digital still and movie cameras of any form factor, computers of any type or 
form, including hand held and personal computers, and communication 
devices of any form factor, including mobile phones, smart phones, 
communicators which combine communications, image recording and/or 
playback, and computing functionality within a single device, and other forms 
of wireless and wired information devices. 

Increasingly, distributed computing systems are becoming a prevalent aspect 
of everyday life. Distributed computing devices are now connected by local 
area networks, wide area networks, and networks of networks, such as the 
internet. Many such networks are secured by a . variety of techniques, 
including firewall software, routing limitations, encryption, virtual private 
networks, and/or other means. Computers within a security perimeter may be 
given ready access to data stored in the secure network, usually subject to 
userand group permissions, access control lists, and the like, while machines 
. outside the perimeter are substantially or entirely denied access. 

With the growth of such secure networks and their information content, there 
is an increasing need to support secure access by authorized users. There is 
also an increasing need to authenticate users because even though a user 
may be authorised to access a network there are certain communications 
over a network that are regarded to be more sensitive than others. The use of 



encryption and decryption techniques are increasingly being regarded as 
essential when carrying out any kind of sensitive transaction, such as a 
credit-card purchase over the internet, or the discussipn of company 
confidential infomriation between different remote departments in an 
organisation. 

Pretty Good Privacy (PGP) is a computer program used to encrypt and 
decrypt communications over lai^e networks such as the internet It can also 
be used to send an encrypted digital signature that enables a receiver of a 
communication to veriiy the Identity of a sender and know that the message 
was not changed en route. PGP is the one of the most widely used privacy- 
ensuring programs. PGP uses a variation of the public key system. In such 
systems, each user has a publicly known encryption key and a private key 
known only to that user. A message sent to a third party is encrypted using 
the public key for that party. When the encrypted message Is received by the 
third party, it is decrypted using the private key for that party. Since 
encrypting an entire message can be relatively time-consuming, PGP uses a 
faster encryption algorithm to encrypt the message and then uses the public 
key to encrypt the shorter key that was used to encrypt the entire message. 
Both the encrypted message and the short key are sent to the receh^er who 
first uses the private key of the receiver to decrypt the short key and then 
uses that key to decrypt the message. The use of encryption/decryption 
techniques are considered to t>e especially important in wireless 
communications because wireless circuits are often easier to "tap" than their 
hard-wired counterparts. 

However, it is essential to authenticate the persons sending or accessing the 
encrypted data. Authentication is the process of determining whether 
someone or something is, in fact, who or what it is declared to be. In private 
and public computer networks, including the internet, authentication is 
commonly done through the use of logon passwords. Knowledge of the 
password is assumed to guarantee that the user is authentic. £ach user may 
register initially using an assigned or self-declared . password. On each 
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subsequent use, the user must know and use the previously declared 
password. The weakness in this system for transactions that are significant, 
such as the exchange of money, is that passwords can often be stolen, 
accidentally revealed, or forgotten. 

■ « 

For encryption and decryption programs such as PGP, a pass phrase is used, 
in essence, as a digital signature to authenticate a person. The pass phrase 
does, in fact, perform two purposes - it allows the key manager software to 
determine that the authorised user of the software is actually presentees only 
that user knows the PIN or pass phrase) and it confirms that the user wishes 
the key to be used. Hence, the pass phrase is used to prove that the person 
claiming to have sent a message, or trying to gain access to an encrypted 
message, or trying to carry out a secure transaction such as a commercial 
purchase, is in fact that person. Because an improved level of security is 
required in comparison to that provided by a normal access password, the 
pass phrase is typically about 1 6 characters in length, and f requentiy these 
may be up to about 100 characters in length. 

if rogue software were to try to invoke the key manager in an attempt to sign a 
transaction which the user had not requested, then the appearance of the 
user interface requesting the user to authenticate himself/herself would alert 
the user that a third party is attempting to use his or her key, and the user 
would decline to authenticate himself/herself. 

As outiined above, the pass phrase is usually a relatively lengthy sequence of 
alpha numeric characters and the repeated entry of the pass phrase each 
time user authenti'cation is required is not considered to be convenient If the 
pass phrase is a relatively lengthy alphanumeric sequence, or if pass phrase 
re-entry is requested too often, repeated authentication too frequentiy may 
even discourage the use of the encryption process by a user on occasions 
where its use would otherwise be considered particulariy beneficiai. Hence, 
to improve the user experience of the use of such systems, it is known not to 
require the user to authenta'cate again if the key is used a short time after a 
previous use of the key. This is referred as "pass phrase caching". Pass 



phrase caching is one way of implementing the user experience in a way such 
that the l^ey is "uniodced" for a predetermined period of time. It is only after 
the expiry of this period of time that further use of the key will require the 
authentication process to be repeated. 

With known authentication schemes, the pass phrase is cached for a 
predetennined time period; for example 30 minutes. Hence, the following 
sequence of events may, as an example, be required of a user in order to 
carry a number of secure Operations 

1 . A user requests to decrypt an email - Operation A. 

2. The user enters his/her pass phrase (authenticates himself/herself) to 
decrypt and read the mail. 

3. Five minutes later, the user decrypts another email - Operation A. 

4. The user is not asked to re-enter the pass phrase because the pass 
phrase is still cached. 

5. One minute later, the user signs another email - Operation B. 

6. The user is not asked to re-enter the pass phrase because the pass 
phrase is still cached. 

7. One minute later, the user signs another email - Operation B. 

8. The user is not asked to re-enter the pass phrase because the pass 
phrase is still cached. 

9. Five minutes later, the user signs another email - Operation B. 

10. The user is not asked to re-enter the pass phrase because the pass 
phrase is still cached. 

1 1 . One hour later, the user tries to sign another email - Operation B. 

12. The user re-enters the pass phrase because the cached pass phrase 
has expired. 

13. One hour later, the user requests to decrypt another email - Operation 
A. 

14. The user re-enters the pass phrase because the cached pass phrase 
has expired. 

1 5. Ten minutes later, the user requests to carry out a financial transaction 
- Operation G. 
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1 6. The user is not asked to re-enter the pass phrase t)ecause the pass 
phrase is still cached. 

It can be seen from the above example that, because the pass phrase is 
cached for a predetermined period of time, Operation A, Operation B or 
Operation C can be carried out for as long as the caching period for the pass 
phrase is valid because a common caching period Is adopted irrespective of 
the operation to be carried out by the user. However, it will be appreciated 
that, in the above example. Operation 0, involving financial expense, is more 
commercially sensitive than Operation B. Furthermore, Operation B, involving 
the generation of an email, is more sensitive than Operation A, which is 
limited to reading of an emaih But, each can be carried out vynthout re-entry of 
the pass phrase since the pass phrase is already authenticated because the 
caching period has not expired. Hence, to an extent, the caching of a pass 
phrase for a period which is considered appropriate for one type of operation 
may compromise security for arwther type of operation. 

It is therefore an object of the present invention to provide an improved 
method for authenticating a user requiring to perform an operation on a 
computing device. 

According to a first aspect of the present invention there is provided a method 
of operating a computing device, the method comprising, in r^ponse to a 
request from a user to carry out an operation using the device, determining 
the time period since the identity of the user was authenticated, and enabling 
the requested operation in dependence upon the determined time period and 
the purpose of the requested operation. 

m 

According to a second aspect of the present invention there is provided a 
computing device arranged to operate in accordance with a method ac^rding 
to the first aspect. 
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According to a third aspect of the present Invention there is provided 
computer software for causing a computing device in accordance v^th the 
second aspect to operate in accordance with a method according to the first 
aspect. 

An embodiment of the present invention will now be described, by way of 
further example only, with reference to figure 1 , which illustrates a flow chart 
of a method for authenticating a user in accordance with the present 
invention. 

Referring to figure 1 , at step 2 a computing device receives a request to cany 
out a secure operation, which can only be completed if the user is currently 
authenticated, such as by entry of a pass phrase. At step 4, the computing 
device determines the type of operation which the user has requested. For 
example, the user may be requesting to canry out approval of a purchase 
contract with significant financial obligations, in which case it is imperative to 
correctly identify the user and thus ensure that the user has the authority to 
commit to the financial obligations. This can be regarded as an operation 
requiring a high security level. Altematively, the user may be requesting to 
canry out a relatively low security level operation, such as reading of an email. 
The type of operation being requested may be determined in a number of 
ways, such as by determining the type of application used to carry out the 
operation, the type of file required, or even by analysing the content of the 
request itself. Many ways of determining the type of operation will be 
apparent to persons familiar to this art, and it is considered that the present 
invention can be applied to and therefore encompasses any method which 
can be used to categorise requested operations. 

At step 6, the computing device determines the time which has elapsed since 
the user was last authenticated by entering his/her pass phrase. With the 
present invention, the computing device then determines whether the time 
elapsed since authentication is acceptable for the operation being requested. 
This is shown as step 8 in figure 1 . Taking the examples of contract approval 
and reading an email, as referred to at)ove, the reading of the email is a 
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relatively low level secure operation and hence the 'standard' caching period, 
say one hour, is considered to be acceptable. The time period elapsed since 
the last authentication is determined to be less than one hour and the pass 
phrase, and thus the identity of the user, is considered to be authentic. 
Therefore, the operation is enabled and this is shov\/n as step 10 in figure 1. 
However, for the contract approval operation, the system has been arranged 
such that for this type of operation the caching period expires upon the 
completion of the previous operation of the same type. Hence, in this 
example the computing device determines at step 8 that the time elapsed 
since the last authentication Is not valid for the requested operation and 
requests, at step 12 of figure 1, for the user to re-enter his/her pass phrase in 
order to authenticate the user for the particular contract approval operation. If 
the pass phrase is entered correctly, the user is authenticated and the time 
period is determined to be acceptable at step 8 and this high level secure 
operation is then enabled. After enabling the requested operation, the 
process ends at step 14. It can be seen that the atK>ve process provides a 
more secure environment, but still enables one pass phrase to control the use 
of all keys. 

The following example shows how the present invention may be used for two 
similar but more obviously distinct operations. Operation A is "decrypt and 
view my calendar entries for today", and Operation B is "sign a trartsaction to 
purchase a book". Operation A is in all probability going to be requested by 
the user many times during each working day and hence would be very 
annoying if the user has to type in his/her pass phrase every time the user 
wishes to consult the calendar entries for the day concerned. In essence, the 
user should only be required to enter his/her pass phrase once or possibly 
twice a day to carry out this operation. On the other hand. Operation B is 
costing money, so the user will want to make ensure that a third parly who 
may gain access to the computing device, which may be in the form of a 
mobile phone, cannot carry out any financial transaction, such as the 
purchase of books, so a relatively short caching time is set for this type of 
operation. But, suppose the user wishes to purchase three -books from three 
suppliers in relatively qutek succession, then the user does not want to have 
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to enter his/her pass phrase for each transaction, but nevertheless requires 
to have a higher level of security than that provided by the caching time set for 
his/her calendar In fact the user may want his/her pass phrase to permit use 
of Operation B for a relatively short time, say 3 minutes. So, in the present 
invention, the above operations may be conducted as follows: 

1 . The user asks to view his/her calendar - Operation A. 

2. The user enters his/her pass phrase. 

3. Five minutes later, the user views another day in the calendar 
- Operation A. 

4. Because the pass phrase was entered less than one day ago and is 
within the caching period, the user is not prompted for his/her pass 
phrase. 

5. One minute later, the user requests to buy a t>ook - Operation B. 

6. Because the pass phrase was last entered more than 3 minutes 
ago, the user IS asked to re*enter the pass phrase. This is different 
behaviour and is good security. 

7. One minute later the user buys another book - Operation B. 

. 8. The user is not asked to re-^nter the pass phrase, because the pass 
phrase was last entered less than 3 minutes ago. 

9. Five minutes later the user buys another book - Operation B. 

10. The user IS asked to re-enter the pass phrase because it was last 
entered more than 3 minutes ago - different behaviour for Operation B, 
with improved security with use of the same password. 

1 1 . One hour later the user buys another book - Operation B. 

12. The user is requested to re-enter the pass phrase. 

13. One hour later the user requests to view calendar entries - Operation 
A. 

14. The user IS NOT requested to re-enter the pass phrase because it was 
last entered less than one day ago) * different behaviour to Operation 
B, providing a requisite level of security with good user convenience. 

In summary, the user is asked for his/her pass phrase only when it considered 
necessary according to the security of the operation that is about to be carried 
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out and the time that has ^lapsed ^ince the pass phrase was last entered, and 
not mechanically upon a time period fixed for a caching period which does not 
relate to the operations which may be carried out during the caching period. It 
is envisaged that the user will select the categories of operations, and the 
associated elapsed time periods so that the user may arrange never to have 
to re-enter the pass phrase in rapid succession. 

Although the present invention has been described with reference to a 
particular embodiment, it will be appreciated that modifications may be 
effected whilst remaining within the scope of the present invention as defined 
by the appended claims. For example, in the embodiment described above, 
the elapsed time is determined from the last or immediately preceding entry of 
the pass phrase. However, this elapsed time may also be determined from a 
previous entry of the pass phrase which is not necessarily the last entry. 
Furthermore, the invention has been described with reference to the use of 
pass phrases. However, other methods for authenticating the user may also 
be employed, such as the use of pass words or PINs (Personal Identification 
Numbers), and/or biometric data, such as fingerprint or iris recognition. 
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Claims 

1. A method of operating a computing device, the method comprising, 
in response to a request from a user to carry out an operation using 
the device, determining the time period since the identity of the user 
was authenticated, and enabling the requested operation in 
dependence upon the determined time period and the purpose of 
the requested operation. 

2. A method according to claim 1 wherein the identity of the user is 
authenticated using a pass phrase. 

3. A method according to claim 1 wherein the identity of the user is 
authenticated using biometric information. 

4. A metiiod according to any one of claims 1 to 3 comprising 
determining the time period since the identity of the user was last 
authenticated. 

5. A method according to any one of the preceding claims wherein the 
requested operation is enabled if the determined time period is less 
than or equal to a time period set by the user. 

6. A method according to claim 5 wherein the time period set. for one 
type of operation is a multiple of a time period set for another type 
of operation. 

7. A method according to claim 5 wherein the time period for a type of 
operation is arranged to expire upon completion of the immediately 
preceding operation of the same type. 
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A method according to any one of the precisding claims wherein 
categories of operations used to determine the purpose for a 
requested operation are set by the user. 

A computing device arranged to operate in accordance with a 
method as claimed in any one of claims 1 to 8. 

A computing device according to claim 9 comprising a mobile 

« 

phone. 

Computer software arranged to cause a computing device as 
claimed in claim 9 or 10 to operate in accordance with a method as 
claimed in any one of daims 1 to 8. 
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ABSTRACT 

In a computing device, when a user requests to carry out an operation, the 
device determines the type of operation requested and the time period 
since the user was last authenticated. The operation is enabled only if the 
determined time period does not exceed a threshold for the requested 
operation. 



(Figure 1) 
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